Trusted Platform Module Overview and Functions
Trusted Platform Module (TPM) is a chip, unique to your device, that encrypts and securely stores data on the disk, enhancing protection against unauthorized access.
Understand Trusted Platform Module
Trusted Platform Module (TPM) is a chip used for the identification and authentication of a device on the network and to ensure that the software loaded on the system was in the correct state when it started up. Each TPM chip is unique to a particular device.
Use Feature Explorer to confirm platform and release support for specific features.
You can safeguard sensitive data (such as private keys, certificates, and configuration files) stored in the file systems using the TPM, thereby reinforcing the integrity and confidentiality of your device's operations.
With TPM in use on the device, the hard disk drive cannot be removed, connected to another device, and accessed there.
TPM is used to secure the device hardware through integrated cryptographic keys and to store the device identity (DevID) information. A TPM certificate securely proves a device's identity. Applications such as Secure Zero Touch Provisioning (SZTP) and advanced anti-malware (AAMWD) must use it when secure device identity is required.
| TPM Version | Supported Features |
|---|---|
| TPM 1.2 | |
| TPM 2.0 | |
Benefits of TPM
- Enhances your device's security protections at the hardware level to prevent attacks.
- Complies with TPM 2.0, contributing to the overall security.
Security Functions of TPM
- Data Encryption: To generate, store, and limit the use of cryptographic keys.
- Secure Boot Process: To verify that the device is booting from a trusted set of hardware and software.
- Secure Key Storage: To store private keys and sensitive data to prevent theft and modification.
- Device Identity and Authentication: To identify and authenticate the device using the cryptographic Device ID.
File System Encryption with Trusted Platform Module
Encryption protects sensitive information stored in private keys, configuration files, logs, and system-generated files on disk drive file systems.
Encryption also prevents unauthorized access to data stored in files on a disk or disk volume.
File system encryption is supported on devices for bulk encryption of file names, folder names, file contents, and other metadata; it operates on an entire volume. In this method, data is automatically encrypted when written to disk and decrypted when read from it. The encryption key is sealed to the Trusted Platform Module (TPM) 2.0 device. The files are accessible immediately after the encryption key is provided; data stored on the encrypted file system is read using the encryption keys.
Benefits of File System Encryption
- Prevents disclosure of confidential information through offline attacks.
- Provides secure data erasure by destroying the cryptographic keys.
- All files are automatically encrypted by default, without any user action.
Remote Integrity Verification
One of the features of the Trusted Platform Module (TPM) is to measure various software components during device boot. The measurements are stored as cryptographic hashes in the TPM's Platform Configuration Registers (PCR). You can use the PCR values as proof of the integrity of the device's software version. The chip includes multiple physical security mechanisms to make it tamper resistant, so malicious software cannot tamper with the security functions of the TPM.
Remote Integrity Verification (RIV) defines a set of protocols and procedures to determine whether a particular device is launched with an untampered software version. The roles involved in the RIV process are Attester and Verifier.
The Attester provides evidence of identity and software state to the Verifier on demand. The Verifier verifies the evidence and makes a judgment about the integrity of the software image running on the Attester.
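The Attester/Verifier exchange described above, as an added example that is not code from the original page: the Attester extends boot measurements into a PCR and quotes it over a Verifier-chosen nonce; the Verifier checks the quote, replays the event log, and compares the PCR with a golden value computed from known-good software. The sample images and the attestation key are constructed placeholders, and an HMAC stands in for the TPM attestation-key signature (an assumption of this example).

```python
import hashlib
import hmac

PCR_INIT = bytes(32)  # a SHA-256 PCR bank starts all-zero after platform reset

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    # One-way extend: new = SHA-256(old || digest); both order and content of measurements matter
    return hashlib.sha256(pcr + digest).digest()

def measure_boot(components):
    """Attester: measure each boot component in order into the PCR and keep an event log."""
    pcr, log = PCR_INIT, []
    for name, image in components:
        digest = hashlib.sha256(image).digest()
        log.append((name, digest))
        pcr = pcr_extend(pcr, digest)
    return pcr, log

def attest(components, nonce: bytes, ak: bytes):
    """Attester: evidence = (PCR value, event log, quote over PCR||nonce).
    HMAC with a shared key stands in for the TPM attestation-key signature (assumption)."""
    pcr, log = measure_boot(components)
    return pcr, log, hmac.new(ak, pcr + nonce, hashlib.sha256).digest()

def verify(evidence, nonce: bytes, ak: bytes, reference_pcr: bytes) -> str:
    """Verifier: the quote must cover our fresh nonce, the log must replay to the
    quoted PCR, and the PCR must equal the golden value of the known-good software."""
    pcr, log, sig = evidence
    if not hmac.compare_digest(sig, hmac.new(ak, pcr + nonce, hashlib.sha256).digest()):
        return "rejected: quote not signed over this nonce"
    replay = PCR_INIT
    for _, digest in log:
        replay = pcr_extend(replay, digest)
    if replay != pcr:
        return "rejected: event log does not reproduce PCR"
    if pcr != reference_pcr:
        return "rejected: software state differs from reference"
    return "trusted"

# Constructed stand-ins for firmware, bootloader and kernel images
GOOD_BOOT = [("firmware", b"fw-v1"), ("bootloader", b"boot-v1"), ("kernel", b"kernel-v1")]
TAMPERED_BOOT = [("firmware", b"fw-v1"), ("bootloader", b"boot-modified"), ("kernel", b"kernel-v1")]
AK = b"attestation-key-placeholder"  # constructed; a real attestation key never leaves the TPM
REFERENCE_PCR, _ = measure_boot(GOOD_BOOT)  # verifier's golden value, computed from the trusted image

if __name__ == "__main__":
    nonce = b"nonce-0001"  # verifier-chosen, fresh per request
    print(verify(attest(GOOD_BOOT, nonce, AK), nonce, AK, REFERENCE_PCR))      # trusted
    print(verify(attest(TAMPERED_BOOT, nonce, AK), nonce, AK, REFERENCE_PCR))  # rejected: software state differs from reference
```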
Benefits
- Provides the integrity of the host platform and ensures that the host platform has not been compromised.
- Provides restricted access to the stored secrets (keys).
- Stores data that is not secret, such as public keys used for platform identity. You cannot change the public keys without authorization.
- Creates and manages a TPM key used to sign the evidence.